OSCP Practice

Hi folks,
Been a paid member here since last year but not been on much since starting PWK 3 months ago. I just had my first go at the exam and failed. Not badly (50 or so out of 100, pass is 70). But I fell down on privesc mostly which seems to be my Achilles heel.

Can anyone suggest which machines on here are good for that and/or similar to the OSCP style? Solid-state springs to mind, I know it’s similar to an ex exam machine but any more would be good. As someone else said a lot on here are fun/CTF/puzzle style but I know there are some more realistic ones too (not that OSCP are all realistic either!)

Hoping to resit in 2 weeks with a bit of time in the PWK labs and a bit here. Looking forward to passing so I can get back to the HTB properly :slight_smile:

Thanks in advance.

The following is a quick list but should help:
Lame
Beep
■■■■■■■
Grandpa/Granny
Mirai
Solidstate
Jeeves
Tally (Much harder than anything on OSCP, but you’ve gotta get used to windows)
Bashed
Nibbles
Sense
Valentine
Bart (Again, same issue but really get used to windows)
Chatterbox
Popcorn
Haircut
Nineveh
Shocker

Try and get as much of the labs done as you can to be honest, and practice pivoting as much as you can!

Awesome, thanks! Done a few of those but will look back on my notes and try some of the others. Yeah need to work on the pivot, got most of the public network but need to master it so I can try the hosts in the other subnets.

Cheers, much appreciated.

blackwintersecurity.com is put together by OSCPs for PSCPs in training. A whole section of the site is dedicated to privesc. @asparagus6000

Thanks Scarab, the site is good, I can relate to a lot of it and the tips are very practical.

mark +1

Thank you Scarab

saw this posted this morning on Twitter has lots of good information

Thanks @Booj. The list is quite accurate. I’d like to add 3 more machines to @Booj 's list -

  1. Cronos
  2. Arctic
  3. Optimum

Cheers.

I believe the creator of TarTarSauce built the box with OSCP in mind

I would add Devel to the list

Hi everyone, just a note to say thanks for the tips above. The suggestions are spot on. I passed a few months ago and the added experience gained from doing some of these boxes (then watching ipp’s videos afterwards for additional tips) was a major factor in going from a nearly pass to a comfortable 2 day wait for ‘the email’.

Cheers!

@jamesa said:
I believe the creator of TarTarSauce built the box with OSCP in mind

In the OSCP labs, if you find an app, and if there is an exploit for that version, it will work as it would in the real world.
In TartarSauce, there is an app, the version is vulnerable, but then it doesn’t work as expected, in fact nothing works in the admin painel, it would never happen in the real world, in the real world companies have apps to work. So, it’s more like a game than a real world scenario… at least at that point.

@f4d0, indeed I agree with you. in the OSCP labs all works as it would be in the real world. However, it was very interesting box.

Labs were easy in comparison to most of the boxes here in my opinion

@cslatt05 said:
Labs were easy in comparison to most of the boxes here in my opinion

the friend of mine who passed oscp exam, told the same like you :slight_smile:

@asparagus6000 said:
Hi folks,
Been a paid member here since last year but not been on much since starting PWK 3 months ago. I just had my first go at the exam and failed. Not badly (50 or so out of 100, pass is 70). But I fell down on privesc mostly which seems to be my Achilles heel.

Can anyone suggest which machines on here are good for that and/or similar to the OSCP style? Solid-state springs to mind, I know it’s similar to an ex exam machine but any more would be good. As someone else said a lot on here are fun/CTF/puzzle style but I know there are some more realistic ones too (not that OSCP are all realistic either!)

Hoping to resit in 2 weeks with a bit of time in the PWK labs and a bit here. Looking forward to passing so I can get back to the HTB properly :slight_smile:

Thanks in advance.

So it’s funny, I got my OSCP and no I did not pass on my first try, or my second. There is something that I like to call the 50/55 Point wall. A lot of people I know hit it and its normal.
I am not ashamed to say I had to take the test a few times, I learned more because of it and I am stronger for it.
The hardest part of the test (IMO) is not actually the hacking, its keeping your head on straight for 24 hours (there are some ubers out there who can get all 5 boxes in 6 hours but lets not talk about them…)
Make a checklist of the basics, make sure you take breaks, and make sure you remember to eat. Do not get discouraged when you are stuck in a rabbit hole, everything that you do wrong is still new knowledge as to where not to go.
Trust your Gut, there is always a path too user and root, if all seems lost think about what you would do to make a similar box for a competition knowing what you know up to the point were you are at.
Just keep grinding away at the labs and here in HTB. Vulnhub is good too. Other users left a good list of boxes to go after and like I and other have said, get the most out of the labs that you can. Everything you do in there is a learning experience.
Watch Ippsec’s Videos for more tricks you can apply as well.
And above all else, stay motivated, its a hard test for a reason, don’t get discouraged, keep slamming at it. You will get it.

1 Like

Hi all,

this list is really awesome. May someone have made enough of the new boxes to post an updated version?

Type your comment> @adoken said:

Hi all,

this list is really awesome. May someone have made enough of the new boxes to post an updated version?

NetSecFocus Trophy Room - Google Drive

Awesome thanks!

Mark +1